fyi: Storm Worm botnet numbers, via Microsoft

food for consideration. yes, #s are from MSFT as he notes, but are the only ones we have presently wrt actual Storm extent, yes? If not, pls post pointers... =JeffH -- Storm Worm botnet numbers, via Microsoft http://blogs.zdnet.com/security/?p=533 Posted by Ryan Naraine @ 7:40 am Categories

Re: debunking snake oil

to some degree, Schneier is already doing this with his "doghouse" section of the Crypto-gram newsletter. Although it sounds like you're being more ambitious in terms of desiring to publish cracks/hacks or whatever. Perhaps thumbing through the various Doghouses would provide some reasonable ta

Re: Neal Koblitz critiques modern cryptography.

[fwiw, Pascal Junod had sent this to this list under the subject "provable security" on 9-Aug] > A critique of modern cryptography well, in my reading it's not a "critique of modern cryptography" -- rather, it's (1) a comparison of the cultural differences between mathematical research and cry

Re: World's most powerful supercomputer goes online

http://en.wikipedia.org/wiki/Storm_Worm Dark Reading Keywords : Attacks / Exploits / Threats : Botnets http://www.darkreading.com/topics.asp?node_id=1801 Dark Reading News Analysis: Storm Hits Blogger August 30, 2007 : The ubiquitous Storm Trojan has found a new home

Re: Enigma for sale on eBay

[EMAIL PROTECTED] said: > http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=270146164488 ebay now says (as of when this messge is sent): > This Listing Is Unavailable > This listing (270146164488) has been removed or is no longer available. > Please make sure you entered the right

fyi: UK National Information Assurance Strategy Launched

From: Peter Tomlinson <[EMAIL PROTECTED]> Subject: National IA Strategy To: [EMAIL PROTECTED] Date: Mon, 02 Jul 2007 16:00:16 +0100 >From http://www.cabinetoffice.gov.uk/csia/ : "News National Information Assurance Strategy launched

Re: Free Rootkit with Every New Intel Machine (aka TPM, AMT)

i'd also scrawled: > my understanding from a person active in the NEA working group [1] (IETF) > is that TPMs these days "come along for free" because they're included on-die > in at least one of said chips. [EMAIL PROTECTED] said: > Check again. A few months ago I was chatting with someone who

fyi: SHA-2 patent status

of possible interest... Original Message Subject: [saag] SHA-2 patent status Date: Mon, 25 Jun 2007 09:55:46 -0700 From: Paul Hoffman <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Of possible interest (but hopefully no concern) to this list: a new IPR statement from the NSA to the

Re: Free Rootkit with Every New Intel Machine

[EMAIL PROTECTED] said: > With TPMs it's a bit different, they're absent from the hardware by default in case you're referring to the TCPA (trusted computing platform alliance) TPM.. my understanding from a person active in the NEA working group (IETF) is that TPMs these days "come along for f

wrt "Network Endpoint Assessment" (was: Re: Free Rootkit with Every New Intel Machine)

of potential related interest is.. Network Endpoint Assessment (NEA): Overview and Requirements note term "remediate/remediation". relevant snippage below. see also.. http://www.ietf.org/html.charters/nea-charter

fyi: Ross Anderson on UK ATM fraud

see also: "Reliability of security systems" http://www.cl.cam.ac.uk/~rja14/#Reliability =JeffH From: Ross Anderson <[EMAIL PROTECTED]> Subject: Newsnight tonight To: [EMAIL PROTECTED] Date: Wed, 20 Jun 2007 19:19:24 +0100 We helped make a piece on ATM fraud a few weeks ago for Newsn

fyi: A5 Cracking Project

From: steve <[EMAIL PROTECTED]> Subject: A5 Cracking Project To: [EMAIL PROTECTED] Date: Sun, 6 May 2007 16:54:58 + Hi, we are inviting people to design and build a A5/1 cracking machine. We are security enthusiasts. We started in January 2007 and built a GSM Receiver for 700 USD (http://w

Re: Cryptome cut off by NTT/Verio

Note that JohnY offers a DVD of the entire site's current state, plus bonus extra DVD, for a mere $25 donation. I've got mine, get yers now. =JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptograp

Re: Public key encrypt-then-sign or sign-then-encrypt?

There's also this paper.. Donald T. Davis, "Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML.", Proc. Usenix Tech. Conf. 2001 (Boston, Mass., June 25-30, 2001), pp. 65-78 http://world.std.com/~dtd/#sign_encrypt ..which addresses some of the questions, in a certain context, t

fyi: NSA Releases UK Crypto Docs

From: [EMAIL PROTECTED] Subject: NSA Releases UK Crypto Docs To: [EMAIL PROTECTED] Date: Fri, 02 Mar 2007 06:11:39 -0800 NSA has released under FOIA nine crypto docs in response to a request for information on "Non-Secret Encryption" and JH Ellis. One is a formerly secret paper by Ellis written i

Re: Skype reverse-engineering details]

Yes, that's a very interesting slide deck. An alternative URL to the talk is in this blog posting.. Skype.exe innards revealed... http://identitymeme.org/archives/2006/04/06/skypeexe-innards-revealed/ =JeffH - The Cryptogr

fyi: On-card displays

From: Ian Brown <[EMAIL PROTECTED]> Subject: On-card displays To: [EMAIL PROTECTED] Date: Wed, 20 Sep 2006 07:29:13 +0100 Via Bruce Schneier's blog, flexible displays that can sit on smartcards. So we finally have an output mechanism that means you don't have to trust smartcard terminal displays:

fyi: Ross' Book now online

From: Ross Anderson <[EMAIL PROTECTED]> Subject: Ross' Book now online To: [EMAIL PROTECTED] Date: Fri, 25 Aug 2006 18:17:30 +0100 I finally managed to persuade Wiley to let me put "Security Engineering" online for free download: http://www.cl.cam.ac.uk/~rja14/book.html Some of the chapters

Re: mailer certificate retrieval via LDAP?

You should consider also posting your query to ldap@umich.edu JeffH - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

fyi: Workshop on the Economics of Information Security ("WEIS" June 2006)

From: Ross Anderson <[EMAIL PROTECTED]> Subject: Workshop on the Economics of Information Security To: [EMAIL PROTECTED] Date: Fri, 12 May 2006 12:06:41 +0100 We now have online the program for next month's WEIS 2006 workshop in Cambridge: http://weis2006.econinfosec.org/prog.html There are

fyi: Deniable File System - Rubberhose

From: Owen Blacker <[EMAIL PROTECTED]> Subject: Deniable File System To: UK Crypto list <[EMAIL PROTECTED]> Date: Wed, 19 Apr 2006 11:43:18 +0100 (BST) Reply-To: [EMAIL PROTECTED] http://www.schneier.com/blog/archives/2006/04/deniable_file_s.html Some years ago I did some design work on something

fyi: talk: Reflective side-channel cryptanalysis

From: Eu-Jin Goh <[EMAIL PROTECTED]> Subject: FRI 15 JULY 1630 HRS : Reflective side-channel cryptanalysis To: [EMAIL PROTECTED] Date: Mon, 11 Jul 2005 08:46:19 -0700 - --- When - FRI 15th July 1630 hrs at Gates 4-B (opp

Re: fyi: Fingerprinting CPUs

[EMAIL PROTECTED] said: > This subject came up before. > http://citeseer.ist.psu.edu/shankar04side.html ah, yes, in various forms. The refs in that paper lead to this, fwiw.. http://dynamo.ecn.purdue.edu/~kennell/genuinity/publications.html JeffH

fyi: Fingerprinting CPUs

of possible interest to denizens hereabouts... JeffH From: David Farber <[EMAIL PROTECTED]> Subject: [IP] Fingerprinting CPUs To: Ip Date: Thu, 10 Feb 2005 12:30:12 -0500 Maybe a software manufacturer could lock software (say an OS :-) ) to a spefic machine djf - -- Forwarded Message Fro

Re: cryptograph(y|er) jokes? (Superpolynomial subexponential runtimes, or, How to Give a Math Lecture at a Party, by Eric Hughes)

it's kinda long, but I was at the Cryptorights party (as were many others on this list) where Eric did this and it was really very funny. JeffH available at.. http://www.xent.com/FoRK-archive/oct00/0429.html http://www.cryptorights.org/events/2000/superpolynomial.html > Subject: How to Gi